Monday, March 15, 2010

Lusca Logging, revisited

So the obvious thing to do is to not run the logging path at all, and to avoid evaluating the access control list(s) if there's no access control set defined for logging.

There are a couple of problems with this!

Firstly, the current behaviour is to not pass request/reply information through some of the statistics counters and the clientdb modules if the request doesn't match the logging ACL. If there's no logging ACL then all requests are kicked to the statistics/clientdb counters.

Secondly, there's also the ACLs used in the access_log directives which allow the administrator to filter which requests/replies are logged to which access log file(s). The current implementation will pass all requests which aren't denied by the top-level logging ACL through to each of the access_log entries, checking those for suitability.

The question is - can I mostly maintain the behaviour for the use cases. The main two are:
  1. where logging is completely disabled (via "access_log none") but maintain client counters and the clientdb;
  2. where logging is enabled to one access_log entry, maintaining client counters and the clientdb.
Hm, stuff to do, stuff to do..


  1. Hello sir...
    can you help me for cache.log my ipcop 1.4.21?

    2010/03/18 12:05:23| WARNING: 1 invalid swap log entries found
    2010/03/18 12:05:23| storeAufsRebuildHelperRead: /var/log/cache: read returned 0; error/eof?
    2010/03/18 12:05:23| Done scanning /var/log/cache (3 entries)
    2010/03/18 12:05:23| Finished rebuilding storage from disk.
    2010/03/18 12:05:23| 3 Entries scanned
    2010/03/18 12:05:23| 3 Invalid entries.
    2010/03/18 12:05:23| 0 With invalid flags.
    2010/03/18 12:05:23| 0 Objects loaded.
    2010/03/18 12:05:23| 0 Objects expired.
    2010/03/18 12:05:23| 0 Objects cancelled.
    2010/03/18 12:05:23| 0 Duplicate URLs purged.
    2010/03/18 12:05:23| 0 Swapfile clashes avoided.
    2010/03/18 12:05:23| Took 0.3 seconds ( 0.0 objects/sec).
    2010/03/18 12:05:23| Beginning Validation Procedure
    2010/03/18 12:05:23| Completed Validation Procedure
    2010/03/18 12:05:23| Validated 0 Entries
    2010/03/18 12:05:23| store_swap_size = 0k
    2010/03/18 12:05:24| storeLateRelease: released 0 objects

    This is cache.log my ipcop. whay there is invalid SWAP? and this storeAufsRebuildHelperRead: /var/log/cache: read returned 0; error/eof? , thank's sir

  2. There's something weird with the current rebuild logic which seems to eat the swap logfiles in certain contexts. I'm not sure what it is because I've not reproduced it locally. I think it's something weird to do with the pfsense and similar setups.

    It's a known bug. Just delete swap.state and restart Lusca.